In this paper, we investigate the security implications of virtualized and software-based Open Radio Access Network (RAN) systems, specifically focusing on the architecture proposed by the O-RAN ALLIANCE and O-Cloud deployments based on the O-RAN Software Community (OSC) stack and infrastructure. Our key findings are based on a thorough security assessment and static scanning of the OSC Near Real-Time RAN Intelligent Controller (RIC) cluster. We highlight the presence of potential vulnerabilities and misconfigurations in the Kubernetes infrastructure supporting the RIC, also due to the usage of outdated versions of software packages, and provide an estimation of their criticality using various deployment auditing frameworks (e.g., MITRE ATT&CK and the NSA CISA). In addition, we propose methodologies to minimize these issues and harden the Open RAN virtualization infrastructure. These encompass the integration of security evaluation methods into the deployment process, implementing deployment hardening measures, and employing policy-based control for RAN components. We emphasize the need to address the problems found in order to improve the overall security of virtualized Open RAN systems.

翻译：本文研究了虚拟化和基于软件的开放式无线接入网（RAN）系统的安全影响，重点关注O-RAN联盟提出的架构以及基于O-RAN软件社区（OSC）栈和基础设施的O-Cloud部署。我们的关键发现基于对OSC近实时RAN智能控制器（RIC）集群的全面安全评估和静态扫描。我们指出了支持RIC的Kubernetes基础设施中存在的潜在漏洞和错误配置，这些部分原因也源于使用了过时版本的软件包，并利用多种部署审计框架（如MITRE ATT&CK和NSA CISA）对其严重性进行了评估。此外，我们提出了最小化这些问题并强化Open RAN虚拟化基础设施的方法论，包括将安全评估方法集成到部署流程中、实施部署加固措施，以及对RAN组件采用基于策略的控制。我们强调，需要解决所发现的问题，以提升虚拟化Open RAN系统的整体安全性。